The National Research Council has launched a massive, year-long security overhaul of its computer systems after a series of cyber attacks believed to have come from China.

The Communications Security Establishment Canada “detected and confirmed a cyber intrusion on the IT infrastructure of the National Research Council of Canada,” the science and tech research organization said in a statement.

“Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the privacy commissioner. NRC has also taken steps to inform its clients and stakeholders about this situation.”

It says it will undertake a major overhaul of its computer security: “This could take approximately one year.”

“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure,” the organization said. “Every step is being taken to minimize disruption.”

The infiltration comes as the agency is working on an advanced computer encryption system that is supposed to prevent such attacks.

The NRC has been working with private sector and university research teams on a physics-based, state-of-the-art computer encryption system.

“The emerging field of quantum communication promises unhackable, secure communication that can be applied to protect our digital infrastructure,” says the NRC’s website.

The research agency had hoped that such technology would position Canada as a global leader in the field of quantum cyber security.

The breach and resulting shutdown now raises questions about the NRC’s ability to continue its role as the most important research organization in the Canadian government, and to co-ordinate research and commercialization of Canadian discoveries with universities and industries.

One well-known academic speaking off the record said it’s unlikely to harm research on a large scale. Most science and engineering done by NRC’s partners is conducted by individuals or small groups who keep their data separate from NRC servers, he said, and it’s unlikely that this has been harmed or that it could be stolen by hackers.

“I’m interested (in the cyber attack) as a Canadian citizen, but as a research scientist this has zero effect on me,” he said.

Canada’s chief information officer said there is no indication the breach of security extended to other government departments.

The NRC was among a host of federal departments that expressed reservations earlier this year about giving up control of their IT infrastructure to the government’s super-IT department, and demanded there be no changes to their systems spread across the country.

The concerns are laid out in a January briefing note — obtained by the Citizen — to the president of Shared Services Canada, which oversees IT infrastructure for dozens of federal departments. Among the concerns from agencies including the National Research Council was that any changes could interfere with the council’s operations.

Those concerns delayed Shared Services Canada from taking over the National Research Council’s systems, part of a government-wide push to consolidate networks and systems to reduce costs, modernize an aging IT infrastructure and shore up security in an age of cyber espionage.

Now, six months later, the National Research Council’s networks are down indefinitely after it was hacked.

It’s not clear whether the hacked systems were slated to move to Shared Services Canada.

Many of the resources “operate in a heavy federated model,” meaning they are multiple databases across the country rather than consolidated data centres that Shared Services Canada is mandated with creating. The government has said the changes will save money, while also increasing security by leaving fewer access points for hackers.

“The partner organizations are also very cautious in their relationships with SSC as they want to ensure that any IT infrastructure services they have transferred to the department are not changed or transformed in any way that would threaten their business and service delivery, given the implications for national security and public health in Canada,” reads a Jan. 22 briefing note to Shared Services Canada president Liseanne Forand.

The briefing note goes on to say that those concerns have meant delays in the departments adopting new ways of doing business, “or in planning the ’tilt’ of their operations and resources to the proposed ‘end-state'” IT infrastructure the government envisions. That “end-state” is consolidating 485 data centres into seven spots, replacing 63 email systems with one, and reducing the number of networks so that more departments share IT infrastructure.

NRC did not respond to requests Tuesday for further information. The organization refused to discuss anything, not even to give information publicly that it has shared with “stakeholders” in universities and industry.

Comments

We encourage all readers to share their views on our articles and blog posts. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, and please keep your comments relevant and respectful. If you encounter a comment that is abusive, click the "X" in the upper right corner of the comment box to report spam or abuse. We are using Facebook commenting. Visit our FAQ page for more information.

Almost Done!

Postmedia wants to improve your reading experience as well as share the best deals and promotions from our advertisers with you. The information below will be used to optimize the content and make ads across the network more relevant to you. You can always change the information you share with us by editing your profile.

By clicking "Create Account", I hearby grant permission to Market to use my account information to create my account.

I also accept and agree to be bound by Postmedia's Terms and Conditions with respect to my use of the Site and I have read and understand Postmedia's Privacy Statement. I consent to the collection, use, maintenance, and disclosure of my information in accordance with the Postmedia's Privacy Policy.

Postmedia wants to improve your reading experience as well as share the best deals and promotions from our advertisers with you. The information below will be used to optimize the content and make ads across the network more relevant to you. You can always change the information you share with us by editing your profile.

By clicking "Create Account", I hearby grant permission to Postmedia to use my account information to create my account.

I also accept and agree to be bound by Postmedia's Terms and Conditions with respect to my use of the Site and I have read and understand Postmedia's Privacy Statement. I consent to the collection, use, maintenance, and disclosure of my information in accordance with the Postmedia's Privacy Policy.